From: Fabian Keil <fk@fabiankeil.de>
Date: Sat, 30 Jan 2021 16:31:33 +0000 (+0100)
Subject: Import changes for Privoxy 3.0.31 stable
X-Git-Tag: v_3_0_31~7
X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=commitdiff_plain;h=4a418afddb7f0cbd4004b877b7df81bb10fd3f58

Import changes for Privoxy 3.0.31 stable
---

diff --git a/doc/source/changelog.sgml b/doc/source/changelog.sgml
index b106f57f..4413bb52 100644
--- a/doc/source/changelog.sgml
+++ b/doc/source/changelog.sgml
@@ -24,8 +24,50 @@
 -->
 
 <para>
-  <application>Privoxy 3.0.30</application> fixes a couple of bugs
-  and introduces a few new features.
+  <application>Privoxy 3.0.31</application> fixes two security issues
+  that were discovered while preparing the 3.0.30 release. The issues
+  also affect earlier Privoxy releases.
+</para>
+ <para>
+  Changes in <application>Privoxy 3.0.31</application> stable:
+ </para>
+ <para>
+ <itemizedlist>
+  <listitem>
+   <para>
+    Security/Reliability:
+    <itemizedlist>
+    <listitem>
+     <para>
+      Prevent an assertion from getting triggered by a crafted CGI request.
+      Commit 5bba5b89193fa. OVE-20210130-0001.
+      Reported by: Joshua Rogers (Opera)
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      Fixed a memory leak when decompression fails "unexpectedly".
+      Commit f431d61740cc0. OVE-20210128-0001.
+     </para>
+     </listitem>
+    </itemizedlist>
+   </para>
+  </listitem>
+  <listitem>
+   <para>
+    Bug fixes:
+    <itemizedlist>
+    <listitem>
+     <para>
+      Fixed detection of insufficient data for decompression.
+      Previously Privoxy could try to decompress a partly
+      uninitialized buffer.
+     </para>
+     </listitem>
+    </itemizedlist>
+   </para>
+  </listitem>
+ </itemizedlist>
 </para>
  <para>
   Changes in <application>Privoxy 3.0.30</application> stable: